Software Integrity

Archive for the 'Cloud Security' Category

 

How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget Many factors affect […]


Posted in Application Security, Cloud Security, Data Breach, Software Security Program Development, Static Analysis (SAST)

 

7 things to consider when transitioning your applications to the Cloud

Written in coordination with Ugochukwu Enyioha. Organizations are moving their applications to the Cloud (or using the Cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]


Posted in Agile Methodology, Cloud Security, DevOps

 

The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers. To not let security measures slow down our agile and innovative value creation […]


Posted in Cloud Security, DevOps, Penetration Testing, Static Analysis (SAST)

 

What is cloud-native container security?

Security technology is changing for the better as the container deployment model makes it easier to automate application security. This means that as more enterprises deploy containers to public and private clouds they are able to incorporate security automation into their continuous integration and deployment (CI/CD) pipeline. Cloud-native container security is a term that describes […]


Posted in CI/CD, Cloud Security, Containers, DevOps

 

A primer on protecting keys and secrets in Microsoft Azure

Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]


Posted in Application Security, Cloud Security, Cryptography

 

Introducing Black Duck CoPilot

Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (https://copilot.blackducksoftware.com/), a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities. What is CoPilot and what does it do? Black Duck CoPilot is FREE for open source developers who use GitHub.com (the #1 […]


Posted in Cloud Security, DevOps

 

CORD Project: Driving network solutions with open source

CORD® (Central Office Re-architected as a Datacenter) is a platform leveraging leading edge SDN, NFV and Cloud technologies to build nimble in-line datacenters at the edge of operator networks. CORD integrates a curated collection of dozens of leading open source projects, thus making a fully-integrated platform for building innovative solutions available for network operators. Designed […]


Posted in Black Duck by Synopsys, Cloud Security, Open Source Security

 

What the Aporeto Trireme Project means for the security community

With extensive experience in networking, security and cloud, our founding team here at Aporeto, the company behind Trireme, embarked on a journey to redefine application security with the help of the cloud. Some of us have spent a lot of years in the network and SDN worlds. As we were operationalizing data center networks, it […]


Posted in Application Security, Black Duck by Synopsys, Cloud Security

 

With comparisons to Heartbleed, Cloudbleed may affect millions

A researcher from Google disclosed on Thursday that private messages, API keys, and other sensitive data were being leaked by a major content delivery network to random requesters, a leakage that could affect up to 5.5 million websites. Like Heartbleed, which was co-discovered by the Synopsys team in Oulu, Finland, and Google in April 2014, […]


Posted in Application Security, Cloud Security, Fuzz Testing, Software Security Testing, Vulnerability Assessment

 

5 security industry buzzwords we love to hate

Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the […]


Posted in Cloud Security, Ethical Hacking, Software Security Testing